Firewall

  • Stateful inspection
  • Connection-tracking TCP/UDP/ICMP
  • SPI and proxy combinable
  • Time controlled firewall rules,
    content filter and internet connection
  • IP-ranges, IP-groups
  • Layer7-filter
  • Port-ranges
  • Self- and predefined ports
  • Supported protocols:
    TCP, UDP, ICMP, GRE, ESP, AH

Management

  • eGUI Technology
    • ISO 9241 certified
    • visual feedback immediately supplied for each setting
    • self-explanatory functions
    • overview of all active services
    • overview of the whole network
    • Layer and zoom function
  • Role-based firewall administration
  • Role-based statistic-client
  • SSH-CLI
  • Desktop configuration saved / restored separately from backup
  • CLI on serial line
  • Object oriented firewall configuration
  • Direct Client Update function

LAN / WAN-support

  • Ethernet 10/100/1 000*/10 000* Mbit/s
  • Twisted-Pair / Fibre-Optics
  • MTU changeable (Ethernet/DSL)
  • PPPoE, PPTPoE
  • ISDN
  • PPP-PAP, PPP-CHAP authentication
  • Inactivity timeout
  • Forced disconnect time
  • Cablemodem, xDSL
  • Concurrent connections
  • Backup-connections
  • Connection availability check
  • Loadbalancing
  • Time controlled internet connections
  • Manual and automatic DNS assignment
  • Multiple dyn-DNS support
  • Supports 8 different dyn-DNS-services
  • Source based routing
  • Routing protocols RIP, OSPF

User authentication

  • Active Directory supported
  • Active Directory groups integration
  • OpenLDAP supported
  • Local user database
  • Web-interface authentication (port changeable)
  • Windows-client authentication
  • Authentication on domain login
  • Single sign on with Kerberos
  • Single- and multi login
  • Web-Landing-Page
  • Login and logoff auditing
  • User- and group statistics

DHCP

  • DHCP-relay
  • DHCP-client
  • DHCP-server (dynamic and fixed IP)

DMZ

  • Port forwarding
  • PAT
  • Dedicated DMZ-links
  • DMZ-wizard
  • Proxy supported (SMTP)*

VLAN

  • Max. 4094 VLANs per interface possible
  • 802.1q ethernet header tagging
  • Combinable with bridging

Bridge-mode

  • OSI-layer 2 firewall-function
  • Spanning tree (bridge-ID, port-cost)
  • Unlimited bridges
  • Unlimited interfaces per bridge
  • Combinable with VPN-SSL

Traffic shaping

  • Up- and download shapeable
  • Multiple internet connection separately shapeable
  • All services separately shapeable
  • Maximum and guaranteed bandwidth adjustable
  • QoS with TOS-flags supported
  • QoS inside VPN connection supported

Proxies*

  • HTTP (transparent or intransparent)
  • Support for Radius-server, AD-server, local user-database
  • HTTPS, FTP, POP3, SMTP, SIP
  • Integrated URL-/ content-filter
  • Integrated antivirus-filter
  • Integrated spam-filter
  • Time-controlled

Antivirus*

  • HTTP, HTTPS, FTP, POP3, SMTP
  • Scans compressed data and archives
  • Scans ISO 9660-files
  • Exceptions definable
  • Manual and automatic updates

Web-filter*

  • URL-filter
  • Content-filter
  • Block rules up to user-level
  • Black-/ white-lists
  • Im- / export of URL-lists
  • File-extension blocking
  • Category-based website-blocking
  • Self definable categories
  • Scan-technology with online-database
  • Transparent HTTP-proxy support
  • Intransparent HTTP-proxy support

Antispam*

  • Online-scanner
  • Scan-level adjustable
  • Real-time-detection-center
  • Black- / white-email-sender-lists
  • Mail-filter
    • Black- / white-email-recipients-lists
    • Automatically reject emails
    • Automatically delete emails
    • AD-email-addresses import

High availability

  • Active-passive HA
  • Synchronisation on single / multiple dedicated links
  • Manually switch roles

IDS/IPS*

  • Snort scan-engine
  • 5000+ IDS-patterns
  • Individual custom rules
  • Security-level adjustable
  • Rule groups selectable
  • Exceptions definable
  • Scanning of all interfaces
  • Email on IDS events
  • DoS, DDoS, portscan protection
  • Invalid network packet protection

Monitoring*

  • System-Info
  • CPU- / memory usage
  • Long-term-statistic
  • HDD-status (partitions, usage, RAID)
  • Network status (interfaces, routing, traffic, errors)
  • Process-monitoring
  • VPN-monitoring
  • User-authentication-monitoring

Logging, Reporting*

  • Email notification
  • Logging to multiple syslog-servers
  • Categorized messages
  • Report in admin-client (with filter)
  • Export report to CSV-files

SNMP

  • SNMPv2c
  • SNMP-traps
  • Auditing of:
    • CPU / Memory
    • HDD / RAID
    • Ethernet-interfaces
    • Internet-connections
    • VPN-tunnel
    • Users
    • Statistics, Updates
    • DHCP
    • HA

Statistics*

  • IP and IP-group statistic
  • Separate services
  • Single user / groups
  • TOP-lists (surfcontrol)
  • IDS-statistics
  • Traffic-statistics
  • Antivirus- / antispam-statistics
  • Defence statistics
  • Export statistic to CSV-files

VPN

  • VPN-wizard
  • Certificate-wizard
  • IPSec
    • Site-to-site
    • Client-to-Site (Road warrior)
    • Tunnel-Mode
    • IKEv1, IKEv2
    • PSK
    • X.509-certificates
    • 3DES, AES (128, 192, 256)
    • Blowfish (128, 192, 256)
    • DPD (Dead Peer Detection)
    • NAT-T
    • Compression
    • PFS (Perfect Forward Secrecy)
    • MD5, SHA1, SHA2 (256, 384, 512)
    • Diffie-Hellman groups (1, 2, 5, 14, 15, 16, 17, 18)
    • Export to One-Click-Connection
    • XAUTH, L2TP
  • SSL
    • Site-to-site
    • Client-to-Site (Road warrior)
    • Routing-Mode-VPN
    • Bridge-Mode-VPN
    • X.509-certificates
    • TCP/UDP port changeable
    • Compression
    • Specify WINS- and DNS-servers
    • 3DES, AES (128, 192, 256), CAST5, Blowfish
    • Export to One-Click-Connection
  • PPTP
    • Windows-PPTP compatible
    • Specify WINS- and DNS-servers
    • MSCHAPv2
  • X.509 certificates
    • CRL
    • OCSP
    • Templates
    • Multi CA support
    • Multi host-cert. support

VPN-client

  • IPSec-client
  • SSL-client (OpenVPN)
  • NAT-T
  • AES (128, 192, 256), 3DES, CAST, Blowfish
  • X.509 certificates
  • PSK
  • One-Click-Connection
  • Log-export